Bill Gunshannon wrote:
> In article <47fc244e$0$90268$14726298@news.sunsite.dk>,
> Arne Vajhøj <arne@vajhoej.dk> writes:
>> Bill Gunshannon wrote:
>>> I work in a school with a graduate program in Software Engineering.
>>> It's all based on the supposed model developed by SEI. I haven't seen
>>> anything that even begins to approach the "Software Engineering" we
>>> were doing 30 years ago before the term was even foisted on the IT
>>> industry.
>> My impression is that software engineering has advanced quite a bit
>> the last 20 years. But different universities, different students
>> and different criteria may explain the difference.
>
> What they teach as the SE methodology does not even come close to the
> amount of "engineering" we put into projects back in my applications
> programming days (late 70's early 80's). And we won't even go into
> the fact that the teaching is all lip service because none of the
> students actually apply it to their coursework and none of the
> professors seem to care.
>
>>> And languages like PHP and Perl are based on a paradigm
>>> that is the antithesis of SE. The people using them make the old
>>> BASIC programmers look like consummate professionals!! I wonder what
>>> Dijkstra would have said about these languages as compared to his
>>> "love" of BASIC. :-)
>> I am not good enough in Perl to comment on that.
>>
>> PHP supports well structured procedural and object oriented
>> programming.
>>
>> PHP does not even have a goto statement.
>
> Just like one can write good programs even with GOTO, the lack of one
> does not magically make programs written in a language structured,
> elegant or proper. "Rapid prototyping" languages by their very nature
> and the paradigm they espouse are the antithesis of SE.
>
>> I doubt that Dijkstra would have anything bad to say about
>> that.
>
> Based on all the things wrong with the underlying paradigm of the
> language, the least of which is a non-existent security model, I
> would hope you were wrong. Sadly, we will never know.
>
> bill
>

Ummm.... Just how do you build "security" into a programming language?
Does "C" have security? Macro-32?? Fortran? PL/1? DCL?

I've never actually used some of the newer languages like PERL, PHP, and
doubtless others I've either not heard of or have forgotten. If I can't
do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
maybe I'll encounter a problem which none of the tools I'm accustomed to
can handle. Then I'll learn a new tool.

I've always thought of security being a function of the O/S which does,
or should, control who can access files with intent to change them, who
can execute a program, who can peek into memory that does not belong to
him, etc, etc.

04-09-2008, 07:25 PM

unix

Re: Php invented by a former DECcie ?

In article <47fc2231$0$90268$14726298@news.sunsite.dk>, Arne Vajhøj <arne@vajhoej.dk> writes:
>
> Security is not a feature in programming languages. Security depends
> on how the code is written.

In some languages the programmer has to do extra work to prevent
buffer overruns. In some languages the programmer has to do extra
work to allow buffer overruns.

How the code is written may be up to the programmer, but the above
is a feature of the language.
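
The "extra work to prevent buffer overruns" mentioned in the post above, as an added example that is not part of the original thread: in C, both bounds checks on a length-prefixed field are code the programmer has to write. The wire format, the `record` layout, all function names and the sample bytes are constructed for illustration.

```c
/* Added example, not from the thread: parsing a length-prefixed name
 * into a fixed-size buffer. Names and sample bytes are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 8

struct record {
    char name[NAME_CAP];  /* fixed-size destination */
    int  is_admin;        /* neighbour that an overrun of name[] could overwrite */
};

enum parse_status { PARSE_OK = 0, PARSE_BAD_ARG, PARSE_TRUNCATED, PARSE_TOO_LONG };

/* Assumed wire format: msg[0] is the name length, followed by that many bytes. */
enum parse_status parse_name(const unsigned char *msg, size_t msg_len,
                             struct record *out)
{
    size_t declared;

    if (msg == NULL || out == NULL)
        return PARSE_BAD_ARG;
    if (msg_len < 1)
        return PARSE_TRUNCATED;

    declared = msg[0];

    /* Check 1 (over-read): the sender's length claim must not exceed
     * the bytes that actually arrived. */
    if (declared > msg_len - 1)
        return PARSE_TRUNCATED;

    /* Check 2 (over-write): the name plus its terminating NUL must fit
     * in the destination. Without this, memcpy would run into is_admin. */
    if (declared >= sizeof out->name)
        return PARSE_TOO_LONG;

    memcpy(out->name, msg + 1, declared);
    out->name[declared] = '\0';
    return PARSE_OK;
}

/* Constructed sample messages. */
static const unsigned char SAMPLE_OK[]    = {3, 'b', 'o', 'b'};
static const unsigned char SAMPLE_MAX[]   = {7, 'c', 'h', 'a', 'r', 'l', 'i', 'e'};
static const unsigned char SAMPLE_SHORT[] = {5, 'b', 'o', 'b'};   /* claims 5, carries 3 */
static const unsigned char SAMPLE_LONG[]  = {8, 'a', 'd', 'm', 'i', 'n', 'i', 's', 't'};

/* Parse into a fresh record and report only the status. */
enum parse_status try_parse(const unsigned char *msg, size_t len)
{
    struct record r;
    memset(&r, 0, sizeof r);
    return parse_name(msg, len, &r);
}

/* Value of the adjacent field after a parse attempt (starts at 0). */
int admin_flag_after(const unsigned char *msg, size_t len)
{
    struct record r;
    memset(&r, 0, sizeof r);
    (void)parse_name(msg, len, &r);
    return r.is_admin;
}

/* Parsed name, or "" if the message was rejected. */
const char *parsed_name(const unsigned char *msg, size_t len)
{
    static char copy[NAME_CAP];
    struct record r;
    memset(&r, 0, sizeof r);
    memset(copy, 0, sizeof copy);
    if (parse_name(msg, len, &r) == PARSE_OK)
        memcpy(copy, r.name, sizeof copy);
    return copy;
}

int main(void)
{
    printf("ok:    status=%d name=%s\n",
           try_parse(SAMPLE_OK, sizeof SAMPLE_OK),
           parsed_name(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("short: status=%d\n", try_parse(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    printf("long:  status=%d is_admin=%d\n",
           try_parse(SAMPLE_LONG, sizeof SAMPLE_LONG),
           admin_flag_after(SAMPLE_LONG, sizeof SAMPLE_LONG));
    return 0;
}
```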

04-09-2008, 10:48 PM

unix

Re: Php invented by a former DECcie ?

In article <t_OdnUPlfZsxYGHanZ2dnUVZ_uuonZ2d@comcast.com>,
"Richard B. Gilbert" <rgilbert88@comcast.net> writes:
> Bill Gunshannon wrote:
>> In article <47fc244e$0$90268$14726298@news.sunsite.dk>,
>> Arne Vajhøj <arne@vajhoej.dk> writes:
>>> Bill Gunshannon wrote:
>>>> I work in a school with a graduate program in Software Engineering.
>>>> It's all based on the supposed model developed by SEI. I haven't seen
>>>> anything that even begins to approach the "Software Engineering" we
>>>> were doing 30 years ago before the term was even foisted on the IT
>>>> industry.
>>> My impression is that software engineering has advanced quite a bit
>>> the last 20 years. But different universities, different students
>>> and different criteria may explain the difference.
>>
>> What they teach as the SE methodology does not even come close to the
>> amount of "engineering" we put into projects back in my applications
>> programming days (late 70's early 80's). And we won't even go into
>> the fact that the teaching is all lip service because none of the
>> students actually apply it to their coursework and none of the
>> professors seem to care.
>>
>>>> And languages like PHP and Perl are based on a paradigm
>>>> that is the antithesis of SE. The people using them make the old
>>>> BASIC programmers look like consummate professionals!! I wonder what
>>>> Dijkstra would have said about these languages as compared to his
>>>> "love" of BASIC. :-)
>>> I am not good enough in Perl to comment on that.
>>>
>>> PHP supports well structured procedural and object oriented
>>> programming.
>>>
>>> PHP does not even have a goto statement.
>>
>> Just like one can write good programs even with GOTO, the lack of one
>> does not magically make programs written in a language structured,
>> elegant or proper. "Rapid prototyping" languages by their very nature
>> and the paradigm they espouse are the antithesis of SE.
>>
>>> I doubt that Dijkstra would have anything bad to say about
>>> that.
>>
>> Based on all the things wrong with the underlying paradigm of the
>> language, the least of which is a non-existent security model, I
>> would hope you were wrong. Sadly, we will never know.
>>
>> bill
>>
>
> Ummm.... Just how do you build "security" into a programming language?
> Does "C" have security? Macro-32?? Fortran? PL/1? DCL?

Does "C" run under an interpreter that lets outsiders run random
pieces of code (or even just available commands) on the machines
where its programs are installed? Does Macro32? Fortran? Get
the picture? The people who developed PHP built this "wonderful"
feature into their system.

>
> I've never actually used some of the newer languages like PERL, PHP, and
> doubtless others I've either not heard of or have forgotten. If I can't
> do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
> maybe I'll encounter a problem which none of the tools I'm accustomed to
> can handle. Then I'll learn a new tool.
>
> I've always thought of security being a function of the O/S which does,
> or should, control who can access files with intent to change them, who
> can execute a program, who can peek into memory that does not belong to
> him, etc, etc.

With the exception of ksh I see no scripting languages in your list.
That's a good thing. I also see none of the so called "rapid prototyping"
languages. That is also a good thing. Nice to see there are still a
few real professional programmers left, but I fear we are a rapidly
dying breed.

In article <9U4cIDdua6FF@eisner.encompasserve.org>,
koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes:
> In article <47fc2231$0$90268$14726298@news.sunsite.dk>, Arne Vajhøj <arne@vajhoej.dk> writes:
>>
>> Security is not a feature in programming languages. Security depends
>> on how the code is written.
>
> In some languages the programmer has to do extra work to prevent
> buffer overruns. In some languages the programmer has to do extra
> work to allow buffer overruns.

And, if it was such a bad thing, why would they even include a way to
do it, unless there actually are times when it is necessary. I was
always amazed at how much the Profs here stressed things in Ada (back
when that was the undergraduate language du jour) like strong type
casting and array and bounds checking while using a text that devoted
an entire chapter at the back of the book to how one got around all
of this!!

>
> How the code is written may be up to the programmer, but the above
> is a feature of the language.

You should have stopped at the first sentence. The second just brings
up the old adage, "It's a poor workman who blames his tools." again.

Bill Gunshannon wrote:
> In article <t_OdnUPlfZsxYGHanZ2dnUVZ_uuonZ2d@comcast.com>,
> "Richard B. Gilbert" <rgilbert88@comcast.net> writes:
>> Bill Gunshannon wrote:
>>> In article <47fc244e$0$90268$14726298@news.sunsite.dk>,
>>> Arne Vajhøj <arne@vajhoej.dk> writes:
>>>> Bill Gunshannon wrote:
>>>>> I work in a school with a graduate program in Software Engineering.
>>>>> It's all based on the supposed model developed by SEI. I haven't seen
>>>>> anything that even begins to approach the "Software Engineering" we
>>>>> were doing 30 years ago before the term was even foisted on the IT
>>>>> industry.
>>>> My impression is that software engineering has advanced quite a bit
>>>> the last 20 years. But different universities, different students
>>>> and different criteria may explain the difference.
>>> What they teach as the SE methodology does not even come close to the
>>> amount of "engineering" we put into projects back in my applications
>>> programming days (late 70's early 80's). And we won't even go into
>>> the fact that the teaching is all lip service because none of the
>>> students actually apply it to their coursework and none of the
>>> professors seem to care.
>>>
>>>>> And languages like PHP and Perl are based on a paradigm
>>>>> that is the antithesis of SE. The people using them make the old
>>>>> BASIC programmers look like consummate professionals!! I wonder what
>>>>> Dijkstra would have said about these languages as compared to his
>>>>> "love" of BASIC. :-)
>>>> I am not good enough in Perl to comment on that.
>>>>
>>>> PHP supports well structured procedural and object oriented
>>>> programming.
>>>>
>>>> PHP does not even have a goto statement.
>>> Just like one can write good programs even with GOTO, the lack of one
>>> does not magically make programs written in a language structured,
>>> elegant or proper. "Rapid prototyping" languages by their very nature
>>> and the paradigm they espouse are the antithesis of SE.
>>>
>>>> I doubt that Dijkstra would have anything bad to say about
>>>> that.
>>> Based on all the things wrong with the underlying paradigm of the
>>> language, the least of which is a non-existent security model, I
>>> would hope you were wrong. Sadly, we will never know.
>>>
>>> bill
>>>
>> Ummm.... Just how do you build "security" into a programming language?
>> Does "C" have security? Macro-32?? Fortran? PL/1? DCL?
>
> Does "C" run under an interpreter that lets outsiders run random
> pieces of code (or even just available commands) on the machines
> where its programs are installed? Does Macro32? Fortran? Get
> the picture? The people who developed PHP built this "wonderful"
> feature into their system.
>
>> I've never actually used some of the newer languages like PERL, PHP, and
>> doubtless others I've either not heard of or have forgotten. If I can't
>> do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
>> maybe I'll encounter a problem which none of the tools I'm accustomed to
>> can handle. Then I'll learn a new tool.
>>
>> I've always thought of security being a function of the O/S which does,
>> or should, control who can access files with intent to change them, who
>> can execute a program, who can peek into memory that does not belong to
>> him, etc, etc.
>
> With the exception of ksh I see no scripting languages in your list.

How did you miss DCL? Don't you think of DCL as a "scripting language"?
Unix people seem to have a little difficulty distinguishing it from
COBOL. I've been writing DCL for twenty-four years now. It's not the
perfect scripting language but it has gotten a lot better over the
years. Adding the ELSE clause to the IF statement was a giant step forward.

> That's a good thing. I also see none of the so called "rapid prototyping"
> languages. That is also a good thing. Nice to see there are still a
> few real professional programmers left, but I fear we are a rapidly
> dying breed.

Sometimes speedy development is "of the essence"! The boss needs
something and he needs it right now! If Perl or PHP will get it done
faster that's what you use. The error is not in using PHP, or Perl or
some other scripting language. The error is putting the PHP, Perl, etc,
into production and leaving it there.

I recall such a job. On one of our clusters something was creating
files. The existence of the files interfered with something else. I've
forgotten the details but the above is close enough for government work!

I was tasked with writing a script that would find and delete these
troublesome files before they caused a problem. It took me an hour or so
with my boss's boss hovering and asking "Isn't it done yet?" . . .
"Isn't it done yet?". . . . DCL was all I had to work with. It's
possible that, had I had Perl or PHP, it could have been done faster.
I don't know because I have only a slight acquaintance with Perl and
none at all with PHP.

My DCL script was only fifteen or twenty lines of code but every line of
it had to be RIGHT! It had to delete the right files and not delete
anything else and it had to run every thirty seconds (or something like
that).

Initially it would simply write a message "I think I should delete
<filespec>". As soon as we were satisfied that it was selecting the
proper files to be deleted, I added the actual delete statement and
turned it loose.

04-10-2008, 01:33 PM

unix

Re: Php invented by a former DECcie ?

In article <664vncF2gd4t8U2@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes:
>
> You should have stopped at the first sentence. The second just brings
> up the old adage, "It's a poor workman who blames his tools." again.

It is indeed a poor workman who uses the wrong tools for the job.

04-10-2008, 03:48 PM

unix

Re: Php invented by a former DECcie ?

On 7 Apr, 20:39, Didier_Toulouse <didier.mora...@freesurf.fr> wrote:
> Hello Pals,
>
> Long time no noise :-)
>
> I'm learning Php, and I find a lot of similarities (is that a genuine
> English word ???) with DCL.
>
> Does anyone know if the Folk who created this language used to work
> for DEC before?
>
> Just to ask.
>
> Bye for now, I'm studying variables substitution...
>
> DTL

Rasmus Lerdorf, the original creator of PHP, never worked for DEC.
Lerdorf did briefly work for IBM; he currently works for Yahoo!

I don't think Zeev Suraski or Andi Gutmans, two other PHP luminaries,
worked for DEC either; they are probably too young.

Regards
Andrew Harrison

04-11-2008, 01:55 AM

unix

Re: Php invented by a former DECcie ?

Simon Clubley wrote:
> On 2008-04-08, Arne Vajhøj <arne@vajhoej.dk> wrote:
>> Simon Clubley wrote:
>>> AIUI, it's not so much the fact that it's an easy to use language for
>>> beginners that's the problem, but the fact that it's an easy to use
>>> language with security tacked on afterwards that's the problem.
>> Security is not a feature in programming languages. Security depends
>> on how the code is written.
>>
>
> Strictly speaking, you are correct.
>
> However, I would argue that design decisions within the programming
> language can help with how secure that code is by default.
>
> For example, looking at traditional languages, I would suggest that,
> for programmers of equal capability, code written in Ada is more likely
> to be secure than code written in C.

I guess you are more talking about robustness than about security.

A language like Ada prevents various array index out of bounds
and wild pointers problems resulting in garbage data being
read, data being overwritten or crashes.

But PHP has none of those problems !

(the dynamically typed characteristics of PHP then creates
new types of potential programming bugs, but they are difficult
to compare with C)

Arne

04-11-2008, 01:57 AM

unix

Re: Php invented by a former DECcie ?

Bill Gunshannon wrote:
> In article <47fca857$0$90267$14726298@news.sunsite.dk>,
> Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> writes:
>> For example, looking at traditional languages, I would suggest that,
>> for programmers of equal capability, code written in Ada is more likely
>> to be secure than code written in C.
>
> No argument from me. I have used both C and Ada (and more than a dozen
> other languages over the years) and they all have their place. While I
> always argue that there is nothing inherently wrong with the C language
> I am also a very strong supporter of choosing the right language for
> the job. I wouldn't write an Accounts Receivable program in C and I
> wouldn't write an OS in COBOL. :-)
>
> Oh yeah, and I wouldn't write anything in PHP. :-)

I think you would find that writing a web based discussion forum
in PHP would be much faster to do in PHP than in C or COBOL.

Arne

04-11-2008, 01:59 AM

unix

Re: Php invented by a former DECcie ?

Bob Koehler wrote:
> In article <47fc2231$0$90268$14726298@news.sunsite.dk>, Arne Vajhøj <arne@vajhoej.dk> writes:
>> Security is not a feature in programming languages. Security depends
>> on how the code is written.
>
> In some languages the programmer has to do extra work to prevent
> buffer overruns. In some languages the programmer has to do extra
> work to allow buffer overruns.
>
> How the code is written may be up to the programmer, but the above
> is a feature of the language.

That is true.

Even though I would tend to consider that more robustness than security.

And the point is not very good anyway since PHP does not suffer from
that problem.

Arne

04-11-2008, 02:07 AM

unix

Re: Php invented by a former DECcie ?

Bill Gunshannon wrote:
> In article <47fc244e$0$90268$14726298@news.sunsite.dk>,
> Arne Vajhøj <arne@vajhoej.dk> writes:
>> Bill Gunshannon wrote:
>>> I work in a school with a graduate program in Software Engineering.
>>> It's all based on the supposed model developed by SEI. I haven't seen
>>> anything that even begins to approach the "Software Engineering" we
>>> were doing 30 years ago before the term was even foisted on the IT
>>> industry.
>> My impression is that software engineering has advanced quite a bit
>> the last 20 years. But different universities, different students
>> and different criteria may explain the difference.
>
> What they teach as the SE methodology does not even come close to the
> amount of "engineering" we put into projects back in my applications
> programming days (late 70's early 80's). And we won't even go into
> the fact that the teaching is all lip service because none of the
> students actually apply it to their coursework and none of the
> professors seem to care.

Where I come from students have to deliver some software.

>>> And languages like PHP and Perl are based on a paradigm
>>> that is the antithesis of SE. The people using them make the old
>>> BASIC programmers look like consummate professionals!! I wonder what
>>> Dijkstra would have said about these languages as compared to his
>>> "love" of BASIC. :-)
>> I am not good enough in Perl to comment on that.
>>
>> PHP supports well structured procedural and object oriented
>> programming.
>>
>> PHP does not even have a goto statement.
>
> Just like one can write good programs even with GOTO, the lack of one
> does not magically make programs written in a language structured,
> elegant or proper.

PHP has about the same control structures as all the other major
languages invented after 1970.

> "Rapid prototyping" languages by their very nature
> and the paradigm they espouse are the antithesis of SE.

Neither Perl nor PHP are prototyping languages.

And use of prototypes can be very good software engineering.

>> I doubt that Dijkstra would have anything bad to say about
>> that.
>
> Based on all the things wrong with the underlying paradigm of the
> language, the least of which is a non-existent security model, I
> would hope you were wrong. Sadly, we will never know.

PHP does not have a security model.

Neither has Fortran, Cobol, Pascal, C or C++.

Security models exist in languages like Java, .NET and JavaScript.

For good reasons - a security model only makes sense in environments
like a browser.

Arne

04-11-2008, 02:10 AM

unix

Re: Php invented by a former DECcie ?

Richard B. Gilbert wrote:
> Sometimes speedy development is "of the essence"! The boss needs
> something and he needs it right now! If Perl or PHP will get it done
> faster that's what you use. The error is not in using PHP, or Perl or
> some other scripting language. The error is putting the PHP, Perl, etc,
> into production and leaving it there.
>
> I recall such a job. On one of our clusters something was creating
> files. The existence of the files interfered with something else. I've
> forgotten the details but the above is close enough for government work!
>
> I was tasked with writing a script that would find and delete these
> troublesome files before they caused a problem. It took me an hour or so
> with my boss's boss hovering and asking "Isn't it done yet?" . . .
> "Isn't it done yet?". . . . DCL was all I had to work with. It's
> possible that, had I had Perl or PHP, it could have been done faster.
> I don't know because I have only a slight acquaintance with Perl and
> none at all with PHP.
>
> My DCL script was only fifteen or twenty lines of code but every line of
> it had to be RIGHT! It had to delete the right files and not delete
> anything else and it had to run every thirty seconds (or something like
> that).
>
> Initially it would simply write a message "I think I should delete
> <filespec>". As soon as we were satisfied that it was selecting the
> proper files to be deleted, I added the actual delete statement and
> turned it loose.

DCL probably was the best language for the task.

Arne

04-11-2008, 02:19 AM

unix

Re: Php invented by a former DECcie ?

Bill Gunshannon wrote:
> Does "C" run under an interpreter that lets outsiders run random
> pieces of code (or even just available commands) on the machines
> where its programs are installed? Does Macro32? Fortran? Get
> the picture? The people who developed PHP built this "wonderful"
> feature into their system.

In that sense PHP is exactly like C, Macro-32 and Fortran. If the
application gets input from the user and executes it as a command, then
it does just that.

>> I've never actually used some of the newer languages like PERL, PHP, and
>> doubtless others I've either not heard of or have forgotten. If I can't
>> do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
>> maybe I'll encounter a problem which none of the tools I'm accustomed to
>> can handle. Then I'll learn a new tool.
>>
>> I've always thought of security being a function of the O/S which does,
>> or should, control who can access files with intent to change them, who
>> can execute a program, who can peek into memory that does not belong to
>> him, etc, etc.
>
> With the exception of ksh I see no scripting languages in your list.
> That's a good thing. I also see none of the so called "rapid prototyping"
> languages. That is also a good thing. Nice to see there are still a
> few real professional programmers left, but I fear we are a rapidly
> dying breed.

Not at all.

Languages as Java, C#, C, C++, VB.NET etc. are still very widely
used and will likely continue to be so for decades.

Google just announced their Google Application Engine with
Python as their first language supported.

Arne

04-11-2008, 03:33 AM

unix

Re: Php invented by a former DECcie ?

Arne Vajhøj wrote:
> Simon Clubley wrote:
>> On 2008-04-08, Arne Vajhøj <arne@vajhoej.dk> wrote:
>>> Simon Clubley wrote:
>>>> AIUI, it's not so much the fact that it's an easy to use language for
>>>> beginners that's the problem, but the fact that it's an easy to use
>>>> language with security tacked on afterwards that's the problem.
>>> Security is not a feature in programming languages. Security depends
>>> on how the code is written.
>>>
>>
>> Strictly speaking, you are correct.
>>
>> However, I would argue that design decisions within the programming
>> language can help with how secure that code is by default.
>>
>> For example, looking at traditional languages, I would suggest that,
>> for programmers of equal capability, code written in Ada is more likely
>> to be secure than code written in C.
>
> I guess you are more talking about robustness than about security.
>
> A language like Ada prevents various array index out of bounds
> and wild pointers problems resulting in garbage data being
> read, data being overwritten or crashes.
>
> But PHP has none of those problems !
>
> (the dynamically typed characteristics of PHP then creates
> new types of potential programming bugs, but they are difficult
> to compare with C)
>
> Arne
>
>
>

ISTR that ADA is also strongly typed. It is not easy to store an int
into a float. It can be done but you have to first explain to the
compiler yes, I really, really, mean that. If a function takes two
arguments, you had better supply exactly two. And so on.

It makes most of the most common screwups extremely difficult. You can
still write bad code in Ada but you really have to work at it. I have
seen exactly one shop that used it! I did a little work for them
fourteen or fifteen years ago; installing some software

04-11-2008, 03:52 PM

unix

Re: Php invented by a former DECcie ?

On Thu, 10 Apr 2008 20:33:38 -0700, Richard B. Gilbert
<rgilbert88@comcast.net> wrote:

> Arne Vajhøj wrote:
>> Simon Clubley wrote:
>>> On 2008-04-08, Arne Vajhøj <arne@vajhoej.dk> wrote:
>>>> Simon Clubley wrote:
>>>>> AIUI, it's not so much the fact that it's an easy to use language for
>>>>> beginners that's the problem, but the fact that it's an easy to use
>>>>> language with security tacked on afterwards that's the problem.
>>>> Security is not a feature in programming languages. Security depends
>>>> on how the code is written.
>>>>
>>>
>>> Strictly speaking, you are correct.
>>>
>>> However, I would argue that design decisions within the programming
>>> language can help with how secure that code is by default.
>>>
>>> For example, looking at traditional languages, I would suggest that,
>>> for programmers of equal capability, code written in Ada is more likely
>>> to be secure than code written in C.
>> I guess you are more talking about robustness than about security.
>> A language like Ada prevents various array index out of bounds
>> and wild pointers problems resulting in garbage data being
>> read, data being overwritten or crashes.
>> But PHP has none of those problems !
>> (the dynamically typed characteristics of PHP then creates
>> new types of potential programming bugs, but they are difficult
>> to compare with C)
>> Arne
>>
>
> ISTR that ADA is also strongly typed. It is not easy to store an int
> into a float. It can be done but you have to first explain to the
> compiler yes, I really, really, mean that. If a function takes two
> arguments, you had better supply exactly two. And so on.
>
> It makes most of the most common screwups extremely difficult. You can
> still write bad code in Ada but you really have to work at it. I have
> seen exactly one shop that used it! I did a little work for them
> fourteen or fifteen years ago; installing some software
>
PL/I is the same in this respect, although a bit more liberal in allowing
aliasing and making bounds checking programmer's choice as opposed to
making it inherent. And yes you can write bad code in any language.

--
PL/I for OpenVMS
www.kednos.com

04-11-2008, 04:18 PM

unix

Re: Php invented by a former DECcie ?

In article <47feca98$0$90264$14726298@news.sunsite.dk>,
Arne Vajhøj <arne@vajhoej.dk> writes:
> Bill Gunshannon wrote:
>> Does "C" run under an interpreter that lets outsiders run random
>> pieces of code (or even just available commands) on the machines
>> where its programs are installed? Does Macro32? Fortran? Get
>> the picture? The people who developed PHP built this "wonderful"
>> feature into their system.
>
> In that sense PHP is exactly like C, Macro-32 and Fortran. If the
> application gets input from the user and executes it as a command, then
> it does just that.

No, it's not. If you put something as innocuous as "hello world" in PHP as
a CGI on your website (assuming FreeBSD as the host for simplicity) I can
use the PHP interpreter to execute the "fetch" command to download an
arbitrary file (I have seen many PHP and Perl telnetd programs used this
way) to your web server into any writable directory (like /tmp) and then,
unless you have been smart enough to make that writable directory "no execute",
I can run the program using the exact same "hole" in the PHP interpreter.
It's not a bug, it's a feature!!

>
>>> I've never actually used some of the newer languages like PERL, PHP, and
>>> doubtless others I've either not heard of or have forgotten. If I can't
>>> do it in DCL, Fortran, C, Macro-32, sh, or ksh I can't do it! Someday
>>> maybe I'll encounter a problem which none of the tools I'm accustomed to
>>> can handle. Then I'll learn a new tool.
>>>
>>> I've always thought of security being a function of the O/S which does,
>>> or should, control who can access files with intent to change them, who
>>> can execute a program, who can peek into memory that does not belong to
>>> him, etc, etc.
>>
>> With the exception of ksh I see no scripting languages in your list.
>> That's a good thing. I also see none of the so called "rapid prototyping"
>> languages. That is also a good thing. Nice to see there are still a
>> few real professional programmers left, but I fear we are a rapidly
>> dying breed.
>
> Not at all.
>
> Languages as Java, C#, C, C++, VB.NET etc. are still very widely
> used and will likely continue to be so for decades.
>
> Languages as Perl, Python, PHP, Ruby etc. are gaining popularity
> though.
>
> Google just announced their Google Application Engine with
> Python as their first language supported.

Bill Gunshannon wrote:
> In article <47feca98$0$90264$14726298@news.sunsite.dk>,
> Arne Vajhøj <arne@vajhoej.dk> writes:
>> Bill Gunshannon wrote:
>>> Does "C" run under an interpreter that lets outsiders run random
>>> pieces of code (or even just available commands) on the machines
>>> where its programs are installed? Does Macro32? Fortran? Get
>>> the picture? The people who developed PHP built this "wonderful"
>>> feature into their system.
>> In that sense PHP is exactly like C, Macro-32 and Fortran. If the
>> application gets input from the user and executes it as a command, then
>> it does just that.
>
> No, it's not. If you put something as innocuous as "hello world" in PHP as
> a CGI on your website (assuming FreeBSD as the host for simplicity) I can
> use the PHP interpreter to execute the "fetch" command to download an
> arbitrary file (I have seen many PHP and Perl telnetd programs used this
> way) to your web server into any writable directory (like /tmp) and then,
> unless you have been smart enough to make that writable directory "no execute",
> I can run the program using the exact same "hole" in the PHP interpreter.
> It's not a bug, it's a feature!!

It is possible that, since I rarely read the forum any more, I may be
coming to this discussion a little late. Still, I feel the need to
rebut some claims...

You seem to have an antipathy towards any scripting languages. You also
seem to be confusing poorly written scripts with a poorly implemented
language.

I'm willing to put it to the test.

Go to www.theberrymans.com/php/hello.php and show me what you can do.

Ada is very strongly typed.

> It is not easy to store an int
> into a float. It can be done but you have to first explain to the
> compiler yes, I really, really, mean that.

Correct.

> If a function takes two
> arguments, you had better supply exactly two. And so on.

Most languages support that.

Arne

04-27-2008, 02:29 AM

unix

Re: Php invented by a former DECcie ?

Bill Gunshannon wrote:
> In article <47feca98$0$90264$14726298@news.sunsite.dk>,
> Arne Vajhøj <arne@vajhoej.dk> writes:
>> Bill Gunshannon wrote:
>>> Does "C" run under an interpreter that lets outsiders run random
>>> pieces of code (or even just available commands) on the machines
>>> where its programs are installed? Does Macro32? Fortran? Get
>>> the picture? The people who developed PHP built this "wonderful"
>>> feature into their system.
>> In that sense PHP is exactly like C, Macro-32 and Fortran. If the
>> application gets input from the user and executes it as a command, then
>> it does just that.
>
> No, it's not. If you put something as innocuous as "hello world" in PHP as
> a CGI on your website (assuming FreeBSD as the host for simplicity) I can
> use the PHP interpreter to execute the "fetch" command to download an
> arbitrary file (I have seen many PHP and Perl telnetd programs used this
> way) to your web server into any writable directory (like /tmp) and then,
> unless you have been smart enough to make that writable directory "no execute",
> I can run the program using the exact same "hole" in the PHP interpreter.
> It's not a bug, it's a feature!!

Arne Vajhøj wrote:
> Richard B. Gilbert wrote:
>> Arne Vajhøj wrote:
>>> A language like Ada prevents various array index out of bounds
>>> and wild pointers problems resulting in garbage data being
>>> read, data being overwritten or crashes.
>>
>> ISTR that ADA is also strongly typed.
>
> Ada is very strongly typed.
>
>> It is not easy to store an int
>> into a float. It can be done but you have to first explain to the
>> compiler yes, I really, really, mean that.
>
> Correct.
>
>> If a function takes two
>> arguments, you had better supply exactly two. And so on.
>
> Most languages support that.
>
> Arne

Support? Maybe! Enforce? No!

The last time I looked, DEC/Compaq/HP had not provided C function
declarations for the LIBR$ routines. I had to roll my own! If anyone
wants them I may be able to find a copy. . . .

C people might think of it as "creative freedom". I think it's an
invitation to trouble someday.